Cryptology ePrint Archive: Report 2010/351

Decentralizing Attribute-Based Encryption

Allison Lewko and Brent Waters

Abstract: We propose a Multi-Authority Attribute-Based Encryption (ABE) system.
In our system, any party can become an authority and there is no
requirement for any global coordination other than the creation of an
initial set of common reference parameters. A party can simply act as
an ABE authority by creating a public key and issuing private keys to
different users that reflect their attributes. A user can encrypt
data in terms of any boolean formula over attributes issued from any
chosen set of authorities. Finally, our system does not require any
central authority.

In constructing our system, our largest technical hurdle is to make it collusion resistant. Prior Attribute-Based Encryption systems achieved collusion resistance when the ABE system authority ``tied'' together different components (representing different attributes) of a user's private key by randomizing the key. However, in our system each component will come from a potentially different authority, where we assume no coordination between such authorities. We create new techniques to tie key components together and prevent collusion attacks between users with different global identifiers.

We prove our system secure using the recent dual system encryption
methodology where the security proof works by first converting the
challenge ciphertexts and private keys to a semi-functional form and
then arguing security. We follow a recent variant of the dual system
proof technique due to Lewko and Waters and build our system using
bilinear groups of composite order. We prove security under similar
static assumptions to the LW paper in the random oracle model.